AnyDesk Analysis

IOB - Indicator of Behavior (53)

Timeline

The data in this chart does not reflect real data. It is dummy data, distorted and not usable in any way. You need an additional purchase to unlock this view to get access to more details of real data.

Lang

en: 50
es: 2
ru: 2


Country

ru: 16
us: 10
tr: 2
tk: 2


Actors


Activities

Interest

Timeline


Type


Vendor


Product

OpenSSH: 4
Nozomi Guardian: 2
Nozomi CMC: 2
MojofyWP WP Affiliate Disclosure Plugin: 2
Tenable Nessus: 2


Vulnerabilities

| # | Vulnerability | Base | Temp | 0day | Today | Exp | Rem | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | WordPress Customizer path traversal | 7.0 | 6.7 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00295 | 0.00 | CVE-2017-14722 |
| 2 | Synology VPN Plus Server Remote Desktop out-of-bounds write | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00078 | 0.02 | CVE-2022-43931 |
| 3 | GajShield Data Security Firewall firmware Web-based Management Interface hard-coded credentials | 9.9 | 9.7 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00181 | 0.00 | CVE-2023-1778 |
| 4 | PaperCut NG/MF HTTP Request server-side request forgery | 6.9 | 6.8 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.03 | CVE-2024-1884 |
| 5 | MojofyWP WP Affiliate Disclosure Plugin cross site scripting | 5.1 | 5.1 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00045 | 0.04 | CVE-2023-52178 |
| 6 | WP Zinc Page Generator Plugin sql injection | 6.5 | 6.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00050 | 0.00 | CVE-2023-52131 |
| 7 | nginx request smuggling | 6.9 | 6.9 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00241 | 1.99 | CVE-2020-12440 |
| 8 | Impress GiveWP Give Plugin class-payments-query.php sql injection | 8.5 | 8.5 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00175 | 0.02 | CVE-2019-13578 |
| 9 | Synchroweb SynConnect Login index.php sql injection | 7.3 | 6.9 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00190 | 0.00 | CVE-2013-2690 |
| 10 | Trustwave ModSecurity Chunked HTTP Transfer modsecurity.c modsecurity_tx_init access control | 5.3 | 4.6 | $0-$5k | $0-$5k | Proof-of-Concept | Official Fix | 0.46729 | 0.00 | CVE-2013-5704 |
| 11 | Tenda AC8 SetNetControlList stack-based overflow | 7.6 | 7.5 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00087 | 0.04 | CVE-2023-40900 |
| 12 | Tracker Software PDF-XChange Editor XPS File Parser out-of-bounds | 4.3 | 4.1 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00065 | 0.00 | CVE-2023-40469 |
| 13 | Tracker Software PDF-XChange Editor JP2 File Parser memory corruption | 6.3 | 6.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00132 | 0.00 | CVE-2023-39486 |
| 14 | CSZ CMS Carousel Wiget cross site scripting | 4.8 | 4.7 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-38910 |
| 15 | Online Travel Agency System PHP File artical.php unrestricted upload | 6.7 | 6.6 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00116 | 0.00 | CVE-2023-31946 |
| 16 | Control iD Gerencia Web Cookie cleartext storage | 4.2 | 4.1 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00063 | 0.11 | CVE-2023-4392 |
| 17 | Tenda A18 formAddMacfilterRule stack-based overflow | 6.5 | 6.4 | $0-$5k | $0-$5k | Not Defined | Not Defined | 0.00046 | 0.00 | CVE-2023-39827 |
| 18 | lmxcms BookAction.class.php reply sql injection | 6.3 | 5.7 | $0-$5k | $0-$5k | Proof-of-Concept | Not Defined | 0.00152 | 0.04 | CVE-2023-1322 |
| 19 | HCL Traveler Companion Task Switcher information disclosure | 4.0 | 4.0 | $0-$5k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-37512 |
| 20 | Intel oneMKL insecure preserved inherited permissions | 7.2 | 7.1 | $5k-$25k | $0-$5k | Not Defined | Official Fix | 0.00043 | 0.00 | CVE-2023-28658 |

IOC - Indicator of Compromise (3)

These indicators of compromise highlight associated network resources which are known to be part of research and attack activities.

| ID | IP address | Hostname | Actor | Campaigns | Identified | Type | Confidence |
|---|---|---|---|---|---|---|---|
| 1 | 52.89.196.49 | ec2-52-89-196-49.us-west-2.compute.amazonaws.com | AnyDesk | | 04/02/2024 | verified | Medium |
| 2 | XXX.XX.XXX.XXX | | Xxxxxxx | | 04/02/2024 | verified | High |
| 3 | XXX.XX.X.XXX | xxx.xxxxxxxxxxxxxxxxxxx.xxxx | Xxxxxxx | | 04/02/2024 | verified | High |

TTP - Tactics, Techniques, Procedures (11)

Tactics, techniques, and procedures summarize the suspected MITRE ATT&CK techniques used. This data is unique as it uses our predictive model for actor profiling.

IOA - Indicator of Attack (22)

These indicators of attack list the potential fragments used for technical activities like reconnaissance, exploitation, privilege escalation, and exfiltration. This data is unique as it uses our predictive model for actor profiling.

| ID | Class | Indicator | Type | Confidence |
|---|---|---|---|---|
| 1 | File | /goform/SetNetControlList | predictive | High |
| 2 | File | /index.php/newsletter/subscriber/new/ | predictive | High |
| 3 | File | /sqlitemanager/main.php?dbsel=-1%20or%2072%20=%2072 | predictive | High |
| 4 | File | xxxxxxx/xxxxxxxxxxx.x | predictive | High |
| 5 | File | xxxxxxx.xxx | predictive | Medium |
| 6 | File | xxxxxxxxxx.xxxxx.xxx | predictive | High |
| 7 | File | xxxxxxx/xxxxxxx/xxxxxxx.xxxx?xxxx | predictive | High |
| 8 | File | xxxxxxxx/xxxxxxxx/xxxxx-xxxxxxxx-xxxxx.xxx | predictive | High |
| 9 | File | xxxxx.xxx | predictive | Medium |
| 10 | File | xxxxxxxxxx | predictive | Medium |
| 11 | File | xxxxxxxxxxxx.xxx | predictive | High |
| 12 | File | xx-xxxxxxxx/xxxx.xxx | predictive | High |
| 13 | File | xxx/xxxxxxxx/xxxxxxx.xxx | predictive | High |
| 14 | Argument | xxxxxxxx | predictive | Medium |
| 15 | Argument | xx | predictive | Low |
| 16 | Argument | xxxx | predictive | Low |
| 17 | Argument | xxxxxxx | predictive | Low |
| 18 | Argument | xxxx_xxxx | predictive | Medium |
| 19 | Argument | xxxxxxxxxxxxxxxx | predictive | High |
| 20 | Argument | xxxx | predictive | Low |
| 21 | Input Value | x) xxx xxxxxxxxx(x,xxxxxx(xxxx,xxxx()),x)# | predictive | High |
| 22 | Input Value | xxxxxxxx | predictive | Medium |

References (3)

The following list contains external sources which discuss the actor and the associated activities:
